author | Nick Kralevich <nnk@google.com> | 2015-08-07 10:02:37 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-08-07 10:05:15 -0700 |
commit | a1e21653e86d21a4ab0946ee2761b6f0163d5742 (patch) | |
tree | 16b72aa947a24d1470e2e9423fb0e431f90850b5 /media/libstagefright/MPEG4Extractor.cpp | |
parent | c87faed60483afb2466e03892bda80b72e5822c7 (diff) | |

MPEG4Extractor.cpp: Add check for size == SIZE_MAX

If size == SIZE_MAX, the line:

  uint8_t *buffer = new (std::nothrow) uint8_t[size + 1];

ends up allocating zero bytes, which is obviously incorrect.

This is conceptually a cherrypick of commit
b2d33aee5122c91a59c2a676c0b89ad340232450, but specifically for
Android 4.1 through Android 4.4. In Android 5.0, new code
was introduced which caused the function parseMetaData()
to be renamed.

Bug: 23031033
Change-Id: Ib34e740f3292a484f8a24e513c1cce58f2f33ecb

Diffstat (limited to 'media/libstagefright/MPEG4Extractor.cpp')
-rw-r--r-- | media/libstagefright/MPEG4Extractor.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 9c5859f..b5d54f2 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -1566,7 +1566,7 @@ status_t MPEG4Extractor::parseTrackHeader( } status_t MPEG4Extractor::parseMetaData(off64_t offset, size_t size) { - if (size < 4) { + if (size < 4 || size == SIZE_MAX) { return ERROR_MALFORMED; } |
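
Review bot: In parseMetaData(), the new `size == SIZE_MAX` test has no comment, and the condition alone does not show that it exists to stop `size + 1` from wrapping to zero in the `new (std::nothrow) uint8_t[size + 1]` allocation quoted in the commit message. Add a one-line comment at the check naming that allocation, so a later refactor of either line does not silently drop the guard. The test covers only the single wrapping value; other very large sizes still reach the allocation, so it is worth confirming that the nothrow result is checked for NULL before the buffer is written.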